CVE-2022-22472: Improper Preservation of Permissions in IBM Spectrum Protect Plus Container Backup and Restore

Severity: 8.8 HIGH (NVD)
EPSS: 0.3% (top 49.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 30; latest update Jul 1

Description

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the pe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: ibm/spectrum_protect_plus 10.1.10.2, 10.1.5, 10.1.7 (+2)

Vulnerability Details (2)

GHSA (2022-07-01)
GHSA-vh3j-h3x7-5qfq: IBM Spectrum Protect Plus Container Backup and Restore (10
CVEList (2022-06-30)
CVE-2022-22472: IBM Spectrum Protect Plus Container Backup and Restore (10